CVE-2024-35468
📋 TL;DR
This SQL injection vulnerability in SourceCodester Human Resource Management System 1.0 allows attackers to execute arbitrary SQL commands via the password parameter in the login page. Organizations using this specific HRM system version are affected, potentially exposing sensitive employee data and system access.
💻 Affected Systems
- SourceCodester Human Resource Management System
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise leading to data theft, privilege escalation, authentication bypass, and potential remote code execution if database permissions allow.
Likely Case
Authentication bypass allowing unauthorized access to HR system, data exfiltration of sensitive employee information, and potential lateral movement within the system.
If Mitigated
Limited impact with proper input validation, parameterized queries, and network segmentation preventing database access.
🎯 Exploit Status
Simple SQL injection via password parameter in login form. Public exploit code available on GitHub.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Download latest version from SourceCodester if available
2. Replace vulnerable /hrm/index.php file
3. Implement parameterized queries in login authentication
4. Add input validation for password field
🔧 Temporary Workarounds
Web Application Firewall (WAF) Rules
Implement WAF rules to block SQL injection patterns in the password parameter.
# Example ModSecurity rule (libinjection-based SQLi detection on the password argument; logs and denies the request):
SecRule ARGS:password "@detectSQLi" "id:1001,phase:2,deny,log,msg:'SQL injection attempt in password parameter'"
Input Validation Filter
Add PHP input validation before the SQL query executes.
// Add to /hrm/index.php before the SQL query is built:
$password = mysqli_real_escape_string($conn, $_POST['password']);
// Better: bind the input with a prepared statement so it is never spliced into the SQL text (table and column names here are placeholders):
$stmt = $conn->prepare('SELECT id FROM users WHERE username = ? AND password = ?');
$stmt->bind_param('ss', $_POST['username'], $_POST['password']);
$stmt->execute();
🧯 If You Can't Patch
- Isolate the HRM system in a separate network segment with strict firewall rules
- Implement multi-factor authentication and monitor for unusual login attempts
🔍 How to Verify
Check if Vulnerable:
Test login page with SQL injection payload in password field: ' OR '1'='1
Check Version:
Check /hrm/index.php file header or version file if present
Verify Fix Applied:
Attempt SQL injection payloads and verify they are rejected or properly escaped
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts with SQL syntax in password field
- Unusual database queries from web application user
Network Indicators:
- HTTP POST requests to /hrm/index.php containing SQL keywords in password parameter
SIEM Query:
source="web_logs" AND uri="/hrm/index.php" AND (password CONTAINS "' OR" OR password CONTAINS "UNION" OR password CONTAINS "SELECT")
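As an added example (not part of the advisory), the following Python script applies the log and network indicators above to constructed sample log lines: it URL-decodes the form body, flags POST requests to /hrm/index.php whose password parameter carries the SQL syntax the SIEM query looks for, and reports source addresses with repeated attempts. The log format, which assumes a proxy or application log that records the POST form body, and the detection threshold are assumptions.

```python
"""Detection logic for the log indicators above: flag POST requests to
/hrm/index.php whose password parameter carries SQL injection syntax and
count repeated attempts per source address.

Added example, not from the advisory. The log line format below is
constructed for illustration and assumes a proxy or application log that
records the form body: "<timestamp> <src_ip> <method> <uri> <form-body>".
"""
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample log lines (not real traffic). Form bodies are URL-encoded
# as a browser would send them; "-" marks a request without a body.
SAMPLE_LOG = """\
2024-05-20T10:00:01Z 203.0.113.5 POST /hrm/index.php username=alice&password=Winter2024%21
2024-05-20T10:00:09Z 198.51.100.7 POST /hrm/index.php username=admin&password=%27+OR+%271%27%3D%271
2024-05-20T10:00:11Z 198.51.100.7 POST /hrm/index.php username=admin&password=%27+UNION+SELECT+1%2C2%2C3--+
2024-05-20T10:00:15Z 198.51.100.7 POST /hrm/index.php username=admin&password=admin%27%23
2024-05-20T10:01:00Z 203.0.113.9 GET /hrm/index.php -
2024-05-20T10:01:30Z 203.0.113.5 POST /hrm/index.php username=bob&password=passw0rd
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>\S+) (?P<uri>\S+) (?P<body>.*)$"
)

# Mirrors the SIEM query's keywords ("' OR", UNION, SELECT) and adds the
# quote-then-comment forms ('-- and '#) and /* that commonly terminate an
# injected string. Applied after URL-decoding so encoding cannot hide them.
SQLI_RE = re.compile(
    r"'\s*OR\b|\bUNION\b|\bSELECT\b|'\s*(?:--|#)|/\*", re.IGNORECASE
)

TARGET_URI = "/hrm/index.php"


def parse_line(line):
    """Parse one log line into a dict; decoded form fields land in 'params'."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["params"] = parse_qs(rec["body"]) if rec["body"] != "-" else {}
    return rec


def is_suspicious(rec):
    """True when a POST to the login page has SQL syntax in its password field."""
    if rec["method"] != "POST" or rec["uri"] != TARGET_URI:
        return False
    return any(SQLI_RE.search(pw) for pw in rec["params"].get("password", []))


def analyze(log_text, threshold=3):
    """Return (suspicious records, source IPs with >= threshold such requests)."""
    hits = []
    per_ip = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious(rec):
            hits.append(rec)
            per_ip[rec["ip"]] += 1
    repeat_offenders = sorted(ip for ip, n in per_ip.items() if n >= threshold)
    return hits, repeat_offenders


if __name__ == "__main__":
    hits, offenders = analyze(SAMPLE_LOG)
    for rec in hits:
        print(f"{rec['ts']} {rec['ip']} password={rec['params']['password'][0]!r}")
    print("repeat offenders:", offenders)
```

The per-IP threshold is what turns a single matching request into the "multiple failed login attempts" indicator from the list above; tune it to the site's normal traffic, and keep the keyword list aligned with whatever the WAF rule blocks so the two controls report the same events.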
🔗 References
- https://github.com/dovankha/CVE-2024-35468
- https://www.sourcecodester.com/php/15740/human-resource-management-system-project-php-and-mysql-free-source-code.html